<?php
require 'db.php';
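session_start();

// Only a session that already carries a user id may use the password-change
// handler; every other request is redirected to the login page.
if (!isset($_SESSION['user_id'])) {
    header('Location: index.html');
    exit();
}

// NOTE(review): this endpoint neither asks for the current password nor checks
// an anti-CSRF token. A live session cookie alone is enough to replace the
// account password. Both checks need a matching form field, so they are
// flagged here rather than added silently.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The field may be missing or array-valued (new_password[]=x). Passing an
    // array to trim() raises a TypeError on PHP 8, so anything that is not a
    // string is treated as an empty submission.
    $submitted = $_POST['new_password'] ?? '';

    // trim() strips surrounding whitespace before hashing.
    // NOTE(review): presumably the login path trims the same way; verify.
    $new_password = is_string($submitted) ? trim($submitted) : '';

    // NOTE(review): no minimum length or strength policy is enforced here.
    if (empty($new_password)) {
        die('请输入新的密码');
    }

    // PASSWORD_BCRYPT only uses the first 72 bytes of its input; longer
    // passwords are accepted but the extra bytes do not affect the hash.
    $hashedPassword = password_hash($new_password, PASSWORD_BCRYPT);

    // Parameterised statement: neither value is interpolated into the SQL.
    // The row is selected by the id stored in the session, not by request data.
    $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');

    // Whether execute() returns false or throws on failure depends on the PDO
    // error mode configured in db.php, which is not visible here.
    if ($stmt->execute([$hashedPassword, $_SESSION['user_id']])) {
        // Rotate the session id after a credential change so that a
        // previously disclosed id for this session stops working. This must
        // run before any output because it sends a new cookie header.
        // NOTE(review): other sessions of the same user are not invalidated.
        session_regenerate_id(true);

        echo '密码更新成功';
    } else {
        echo '密码更新失败';
    }
}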
?>
